add boundary, infinite loop checks
[tcpdump] / print-ppp.c
index 43fddfa2020d60a939c7182782c9e6b930a0c8af..603dd6c40bf5c68ccb80522574f50b86eea1f110 100644 (file)
@@ -31,7 +31,7 @@
 
 #ifndef lint
 static const char rcsid[] _U_ =
-    "@(#) $Header: /tcpdump/master/tcpdump/print-ppp.c,v 1.107 2005-01-25 16:27:56 hannes Exp $ (LBL)";
+    "@(#) $Header: /tcpdump/master/tcpdump/print-ppp.c,v 1.109 2005-04-20 22:15:17 guy Exp $ (LBL)";
 #endif
 
 #ifdef HAVE_CONFIG_H
@@ -872,6 +872,16 @@ handle_pap(const u_char *p, int length)
        len = EXTRACT_16BITS(p);
        p += 2;
 
+       if ((int)len > length) {
+               printf(", length %u > packet size", len);
+               return;
+       }
+       length = len;
+       if (length < (p - p0)) {
+               printf(", length %u < PAP header length", length);
+               return;
+       }
+
        switch (code) {
        case PAP_AREQ:
                if (length - (p - p0) < 1)
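Review bot: The second diagnostic passes `length`, which is an `int` per the signature in the hunk header, to a `%u` conversion. Print the field value that was just copied into it instead, `printf(", length %u < PAP header length", len);`, since `len` appears to be unsigned given the `(int)len` cast. Both new checks bound the PAP Length field against the caller-supplied `length`, not against the number of bytes actually captured. The captured-length guards (presumably TCHECK-style checks outside this hunk) are therefore still needed before each field read, including the `EXTRACT_16BITS(p)` just above. A comment before `length = len;` such as `/* clamp to the PAP Length field so trailing bytes are not parsed as PAP data */` would record why the parameter is overwritten. handle_pap starts and ends outside the hunk.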
@@ -1149,8 +1159,8 @@ ppp_hdlc(const u_char *p, int length)
         
         switch (proto) {
         case PPP_IP:
-            ip_print(b+1, t - b - 1);
-            goto cleanup;
+               ip_print(gndo, b+1, t - b - 1);
+               goto cleanup;
 #ifdef INET6
         case PPP_IPV6:
             ip6_print(b+1, t - b - 1);
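Review bot: As rendered here, the two replacement lines under `case PPP_IP:` sit one indent level deeper than the `ip6_print(b+1, t - b - 1);` call in the sibling case below, so the switch body now mixes two indent widths. Keep `ip_print(gndo, b+1, t - b - 1);` and `goto cleanup;` at the surrounding indent. The length argument `t - b - 1` is a pointer difference; whether it can reach zero or go negative for a very short frame depends on code outside the hunk, so confirm that before passing it to ip_print as a length. ppp_hdlc starts and ends outside the hunk.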
@@ -1213,7 +1223,7 @@ handle_ppp(u_int proto, const u_char *p, int length)
        case ETHERTYPE_IP:      /*XXX*/
         case PPP_VJNC:
        case PPP_IP:
-               ip_print(p, length);
+               ip_print(gndo, p, length);
                break;
 #ifdef INET6
        case ETHERTYPE_IPV6:    /*XXX*/
@@ -1597,3 +1607,11 @@ printx:
 #endif /* __bsdi__ */
        return (hdrlength);
 }
+
+
+/*
+ * Local Variables:
+ * c-style: whitesmith
+ * c-basic-offset: 8
+ * End:
+ */